This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Bioc rules (XQL query)

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Bioc rules (XQL query)

Ajhuge
L0 Member

‎02-19-2023 10:41 PM

Hello everyone. I need help about bioc rules. I found a lot of ioc rules from other source. But I dont know how can I change that ioc rules to BIOC rules. Thats really so big problem for me and I can't figure out. Who can help me about that? Thanks in advance.

0 Likes Likes
2 REPLIES 2

aleksandar.astardzhiev
Cyber Elite
Cyber Elite

‎03-01-2023 01:04 AM

Hi @Ajhuge ,

Can you please clarify what are you trying to achieve?

I am probably missing your point, but IOC and BIOC are two different thinks:

- IOC are "static" indicator like known bad IP, domain, file hash, file name etc. XDR allow you to manually add IOC one at time, or bulk import from file. Working with IOCs • Cortex XDR Pro Administrator Guide • Reader • Palo Alto Networks documentation p...

- BIOC are behavior indicator, where using XQL query you can define what behaviors/actions/series of related actions could be suspicious. Working with BIOCs • Cortex XDR Pro Administrator Guide • Reader • Palo Alto Networks documentation ...

 

You don't need to create BIOC to look for IOC. XDR will raise alert whenever defined IOC is detected.

If you want to import IOC from external Threat Intelligence, unfortunately XDR doesn't support "polling" IOC from external source. However you can "push" IOC to XDR using the Rest API - as mentioned in above links this option is available only for Pro per Endpoint license

0 Likes Likes

TamikaGunter
L0 Member

‎03-13-2023 06:22 AM

Thanks for the links, and if I still face any issue, I will message you.

Thanks for the links, and if I still face any issues, I will message you. I also need help regarding Bioc rules and that is why I am looking about it online and gladly I found your post where I found my answer. I would also like to help you by sharing the https://www.thelondoneconomic.com/lifestyle/10-best-universities-in-uk-for-international-students-34... website with you where you will find the 10 best Universities in the UK for an international school. If you are thinking about studying in UK and you are from another country then I will strongly recommend you to visit over there.
0 Likes Likes
  • 1271 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks